CVE-2022-49855 is a vulnerability identified in the Linux kernel, specifically within the wireless wide area network (wwan) subsystem's iosm driver. The issue arises in the function ipc_pcie_read_bios_cfg(), which is responsible for reading the WWAN power state configuration from the system BIOS using the ACPI method acpi_evaluate_dsm(). The vulnerability is a memory leak caused by the failure to free the acpi_object returned by acpi_evaluate_dsm() after its use. This improper memory management can lead to gradual memory consumption over time, potentially degrading system performance or causing instability. While the vulnerability does not directly allow code execution or privilege escalation, the leak could be exploited in scenarios where the affected function is called repeatedly, leading to resource exhaustion. The Linux kernel versions affected are identified by specific commit hashes, indicating that this is a low-level kernel code issue. The vulnerability has been published but currently has no known exploits in the wild, and no CVSS score has been assigned. The fix involves ensuring that the acpi_object is properly freed after use to prevent the memory leak.

For European organizations, the impact of CVE-2022-49855 is primarily related to system stability and reliability rather than direct security breaches. Systems running affected Linux kernel versions with the iosm driver enabled and utilizing WWAN functionality may experience memory leaks that could degrade performance or cause crashes over time. This is particularly relevant for organizations relying on embedded Linux devices, industrial control systems, or mobile broadband-enabled infrastructure. While the vulnerability does not directly compromise confidentiality or integrity, prolonged exploitation could lead to denial-of-service conditions due to resource exhaustion. This could disrupt critical services, especially in sectors like telecommunications, manufacturing, and transportation where WWAN connectivity is integral. However, the absence of known exploits and the requirement for specific hardware and driver configurations limit the immediate risk. Organizations with large Linux deployments should consider this vulnerability in their risk assessments, especially if they use WWAN-enabled devices.

To mitigate CVE-2022-49855, European organizations should: 1) Apply the official Linux kernel patches that address the memory leak in the iosm driver as soon as they become available from trusted sources or Linux distributions. 2) Identify and inventory systems using the affected kernel versions and the iosm driver with WWAN functionality enabled to prioritize patching efforts. 3) Monitor system logs and resource usage on WWAN-enabled devices for signs of memory leaks or performance degradation. 4) Where possible, disable WWAN functionality on devices that do not require it to reduce the attack surface. 5) Implement robust update management processes to ensure timely deployment of kernel updates. 6) For embedded or specialized devices, coordinate with vendors to obtain patched firmware or kernel versions. 7) Consider implementing resource monitoring and automated alerts to detect abnormal memory consumption patterns that could indicate exploitation attempts or latent issues.